Language Selection

English French German Italian Portuguese Spanish

Microsoft, Linux vendors slow to fix flaw

Filed under
Security

Colin Percival detailed the vulnerability -- which affects versions of Intel's CPU that use a technology called hyper-threading -- at a conference on May 13.

The vulnerability could allow hackers to steal sensitive information such as passwords on servers configured to allow multiple users to login simultaneously.

The FreeBSD security team member has received formal responses to the issue from the makers of the BSD family of open-source operating systems, as well as SCO and Ubuntu Linux. However, Linux vendors Red Hat, Novell and Mandriva as well as Microsoft have been slow to act.

"Given that I reported this problem in early March, I really think that they [Microsoft and Linux vendors] should have had a patch over a month ago -- in time to test it extensively before releasing it on May 13th," Percival told ZDNet Australia .

"I made it quite clear to everyone that I would be releasing my paper on that date and that they should make sure they were ready by then," he added.

Although the problem only affects multi-user servers, these machines are widely used. "The most obvious example is shared Web servers, which constitutes the vast majority of small e-commerce sites," he said. "On these systems the flaw is very serious."

Full Story.

More in Tux Machines

Black Lab SDK 1.8 released

QT Creator - for QT 5 Gambas 3 - Visual Basic for Linux Ubuntu Quickly - Quick and dirty development tool for python emacs and Xemacs - Advanced Text Editor Anjuta and Glade - C++ RAD development tool for GTK Netbeans - Java development environment GNAT-GPS - IDE for the following programming languages. Ada, C, JavaScript, Pascal and Python Idle - IDE for Python Scite - Text Editor Read more

Did Red Hat’s CTO Walk – Or Was He Pushed?

He went on to say that some within Red Hat speculate that tensions between Stevens and Paul Cormier, Red Hat’s president of products and technologies, might be responsible, although there doesn’t appear to have been any current argument between the two. Cormier will take over Stevens’ duties until a replacement is found. Vaughan-Nichols also said that others at Red Hat had opined that Stevens might’ve left because he’d risen as high as he could within the company and with no new advancement opportunities open to him, he’d decided to move on. If this was the case, why did he leave so abruptly? Stevens had been at Red Hat for nearly ten years. If he was leaving merely because “I’ve done all I can here and it’s time to seek my fortune elsewhere,” we’d expect him to work out some kind of notice and stay on the job long enough for Red Hat to find a suitable replacement. Turning in a resignation that’s effective immediately is not the ideal way to walk out the door for the last time. It smells of burning bridges. Read more

Firefox OS Smartphones Change The Mobile Landscape Across India

The launch of two Firefox OS phones in India in the same week marks an exciting moment in Mozilla’s mission to promote openness and innovation on the Web, and an opportunity to empower millions of Indians wanting to buy their first smartphones. Firefox OS will enable users to obtain lower-cost devices that offer telephony, messaging and camera and rich capabilities like built-in social integration with Facebook and Twitter, the Firefox browser, FM radio and popular apps. Read more

Mozilla Marches Ahead with Ads for Firefox

This November, Mozilla is up for renegotiation with Google for placement of Google search as the default search in Firefox and for the related subsidies that Google pays Mozilla, which reached almost $300 million last year. That comprised the majority of Mozilla's income. With Chrome establishing itself as a leader in the browser wars, its unclear what relationship Google will continue to pursue with Mozilla. Read more